I am trying to add the ability to use two different JwtBearer providers for authentication. One being Auth0 and the other being a custom one. I am testing the implementation with Postman, but I keep getting a Parse Error: Invalid character in chunk size.
I was using this post as a reference for how to do this. I was also looking at this Microsoft doc which also shows how to do this as well. Below is what my implementation looks like.
builder.Services
.AddAuthentication()
.AddJwtBearer("Auth0", options =>
{
options.Authority = builder.Configuration["Auth0:Domain"];
options.Audience = builder.Configuration["Auth0:Audience"];
options.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
context.Response.OnStarting(async () =>
{
await context.Response.WriteAsync("You are not authorized to be here. Go away.");
});
return Task.CompletedTask;
},
OnForbidden = context =>
{
context.Response.OnStarting(async () =>
{
await context.Response.WriteAsync("You are a valid user, but Forbidden to use this resource");
});
return Task.CompletedTask;
}
};
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = ClaimTypes.NameIdentifier
};
})
.AddJwtBearer("Custom", options =>
{
options.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
context.Response.OnStarting(async () =>
{
await context.Response.WriteAsync("You are not authorized to be here. Go Away.");
});
return Task.CompletedTask;
}
};
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = builder.Configuration["JwtIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["JwtSecretKey"])),
ClockSkew = TimeSpan.Zero
};
});
builder.Services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("Custom", "Auth0")
.Build();
});
I am currently testing with the custom implementation and it seems to work as intended, the JWT token get validated and allows the request to continue to the controller.
The controller endpoint implementation is below.
[Authorize]
[HttpGet("byid/{id?}")]
public ActionResult<IEnumerable<EdgeDevice>> GetEdgeById(Guid? id)
{
if(id.HasValue)
{
return Ok(_edgeDeviceRepo.GetSingle(id.Value));
}
return BadRequest();
}
It successfully gets into the controller and has a value for the id and the repo returns a device from the database but then the error mentioned above appears within Postman. I have been doing some debugging and I was able to determine that when I don't set the default policy in builder.Services.AddAuthorization(); everything works and the response get send back to Postman.
Am I missing something here? Do I not need to specify a default policy? Thank you for any and all help in advance!
